The cyber-security buck should stop with executives, finds survey

New research by VMWare has found that a great deal of UK workers believe that the responsibility for cyber-security should go all the way to the board of directors.

CEOs still don’t put cyber-security at the top of their list
CEOs still don’t put cyber-security at the top of their list

VMWare presented new research today on the historically distant relationship between the issue of cyber-security, employees and the board. 

Jeremy Van Doorn, director of network and security pre-sales at VMWare, and several other IT professionals presented a glimpse of the findings contained in VMWare's latest report.

The research presents the opinions of 500 office workers and 250 IT decision-makers, many of whom feel that cyber-security should be more of a concern to a company's executive members and board.

In fact, 29 percent of both groups believe that the CEO should be responsible for a significant data breach, and 38 percent of office workers and 22 percent of decision-makers believe that the buck should stop with the board following a breach.

However, research published in conjunction with the Economist Intelligent Unit earlier this year showed that only five percent of corporate leaders put cyber-security at the top of their priorities.

And it might not be anything new but the research finds, yet again, that the greatest threats come from within. More than half, 55 percent, of the IT decision-makers surveyed cited this as their biggest challenge.

Moreover, the report goes into greater depth about how employee oversights may lead to poor security. Twenty-six percent of the workers surveyed use a personal device for work and thereby access sensitive corporate data. Just under a fifth would do things that might risk a breach to get their job done.

Perhaps our conception of hackers is all wrong, said Mark Ridley, director of technology at Reed.co.uk. In fact, added Ridley, “everybody in your business is hacker,” in the classical sense at least.

In essence, they are looking for ways to get around problems. As the IT security cliche goes, human are the weakest link in any organisation. But the endless and seemingly often pointless hurdles that employees have to jump over in order to keep their business secure from an ostensibly distant and nebulous enemy is often the source of lax security.

Hackers are “like water or electricity, they flow to the easiest point to get in”.

“People just want to do a good job”, said Ridley, and those time-consuming hurdles can often seem more hindrance than help. That's how well-intentioned employees become the weakest point of a defensive wall.

This is not so much a technology problem, but perhaps a psychological, or sociological one. It's a question of “how much can people take”.

Simply, its about making security as easy as possible for employees. In the report itself, Joe Baguley, CTO of VMware mentions that, “Security is not just about technology. As the research shows, the decisions and behaviours of people will impact the integrity of a business”.

However, adds Baguley, “This can't be about lockdown or creating a culture of fear. Smart organisations are enabling, not restricting, their employees – allowing them to thrive, adapt processes and transform operations to succeed.”